Cybersecurity Trends 2019: Privacy and intrusion in the global village

With just days left in 2018, ESET experts offer their reflections in ‘Cybersecurity Trends 2019’ on themes that are set to figure prominently in the upcoming year

So, it’s almost a wrap for 2018. Before we rush to welcome in the New Year, however, let’s consider what may await the cybersecurity community and, indeed, the world at large over the next 12 months. How is 2019 going to shape up?

With cyberattacks, data leaks and privacy missteps becoming increasingly pervasive and damaging, more eyes than ever will be on ensuring the safety of our computer assets. This ultimately boils down to safeguarding the confidentiality, integrity and availability of computer systems and data as the three principal properties and objectives of information security practices. With that in mind, if there is one thread that runs through our collection of reflections and weaves a common narrative, it’s a focus on data protection and privacy.

For one thing, ESET’s 2019 ‘Trends’ report ponders the highly pertinent issue of the responsibility that lies with technology giants such as Google and Facebook for protecting the reams of user data they have amassed over the years. What with many of us relying on their services for our daily online lives, we broach the question: as we put all of our digital eggs in one or two of those corporate baskets, might we find ourselves in a pickle if that basket spills our eggs? And what can biological diversity teach us about the diversity within our personal digital ecosystem? ‘Trends’ elucidates the connection.

Discussions about responsibility lead to considerations of scrutiny. In 2018, we’ve seen a landmark year on the data privacy landscape, since in May the European Union (EU) began to enforce the General Data Protection Regulation (GDPR), which has implications for any organization – regardless of its location – that handles the personal data of EU citizens. Seven months later, what are the expectations for privacy legislation, worldwide, in 2019 and beyond? Notably, there is a strong argument to suggest that other parts of the world may take their cue from the EU. We reflect on just how far we may be on a journey towards a global GDPR-style law.

Of course, it would be remiss of us not to consider threats posed by malware. Of all rogue software, none has probably generated more questions and buzz this year than that aimed at illicit cryptocurrency mining. That contrasts with ransomware as the front-and-center topic during much of 2017, as ransomware has largely taken a backseat this year – in media interest, anyway. Adding to those questions: does cryptojacking – as the theft of computational resources and electricity has come to be nicknamed – have the staying power to figure prominently in the threatscape in 2019, too? ‘Trends’ does the math, as it were.

Furthermore, in a world that yearns for technology-enabled convenience, things couldn’t get much more comfortable than when we can get away with forgetting to switch the lights off after we plonk ourselves in our beds. That’s when our artificially-intelligent companions bail us out, after all. Now, beyond the in-built privacy concerns – those voice-controlled assistants are always listening, after all – another question springs to mind: could it be that we’re turning a blind eye to the threat of miscreants who might leverage these cores of our connected homes in order to invade our private lives? And, while we’re at it, we cannot help asking: do we realize how much and what kind of data we share with these gizmos in the first place?

Machine learning (ML), as a technology that thrives on vast quantities of (useful) data, has also gained a foothold in cybersecurity. ML algorithms can free cyber-defenders from repetitive chores, notably from the triaging of suspicious files, thus ultimately helping them to identify actual threats more efficiently. On the other hand, ML can also be a boon to miscreants, who have become keenly aware of its potential for automating labor-intensive tasks and for prospecting for vulnerable targets. That is far from all there is to ML in this sphere, however, and in ‘Trends’ we help you make sense of the abundant applications of these algorithms for both virtuous and villainous ventures. At the same time, we shine a light on where humans enter the equation.

Indeed, the cybersecurity equation contains many variables that represent its human side. With that in mind, it behooves us to remember the lessons of the year that is drawing to a close, so that we can turn the page to a safe(r) New Year.